Numerous information sessions have been held and publications issued about the whys and wherefores of the General Data Protection Regulation (GDPR), often from a legal perspective. As a result, everyone has become aware of the importance of GDPR.
However, many (maybe even the majority) are still unclear as to how they will effectively ensure that their organisation is GDPR-compliant by 25 May 2018. In other words: the WHAT has become clear for everybody, but many questions remain about the HOW.
In this white paper, we propose a pragmatic approach to implementing GDPR, based on our own experience, with limited overhead within the organisation.
- GDPR Measures
- Maintaining a data register of personal data
- Privacy Impact Assessments (PIAs) for sensitive personal data
- Implementing security measures
- Adapting agreements between controllers and processors
- Privacy Notices
- Data Breach Notification
- Data Protection Officer (DPO)
- For which organisations is GDPR important?
- The new data privacy commission - the data protection authority (DPA)
- Cyber security and GDPR
- A plan to become GDPR compliant by 25 May 2018